8ebded1c72838237c16999aa53c446e5d5450f76a3b780c4bddf509b0187f039

Sharing

Copy URL Twitter E-mail

General

Target

8ebded1c72838237c16999aa53c446e5d5450f76a3b780c4bddf509b0187f039
Size

17KB
MD5

2e97ff4328a0cb7647b34e47917b3142
SHA1

c30552dc76be5c318d09e76c8b07ab6fd5c64491
SHA256

8ebded1c72838237c16999aa53c446e5d5450f76a3b780c4bddf509b0187f039
SHA512

fc86a02a79681222d6ed7fd8c187ddbaff1269fa83f9a20ba3a47217513020c634aaf7d72071c67bb20238c60f08d187631aec5b232b5c2329a28835cb2763c2
SSDEEP

384:k5lpWUjrweGzNRwyN9mbmyFjWV3V4WE1F47LcpT1vDjD:ewDptfm/jWwWE1QLAT9DjD

Score

N/A

Malware Config

Signatures

Files

8ebded1c72838237c16999aa53c446e5d5450f76a3b780c4bddf509b0187f039
.dll windows x86

1f35af90a9983ce2e13afeae37e18fa0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateDirectoryW
CreateFileA
CreateFileW
CreateFileMappingA
CreateThread
DeleteFileA
ExitProcess
ExitThread
FindFirstFileA
FindNextFileA
FreeLibrary
GetFileSize
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileIntA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetSystemDirectoryA
GetVolumeInformationA
GlobalAlloc
GlobalFree
HeapAlloc
LoadLibraryA
LocalAlloc
LocalFree
MapViewOfFile
MoveFileA
MoveFileExA
OpenFileMappingA
RemoveDirectoryA
SetFilePointer
Sleep
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
WaitForSingleObject
WriteFile
lstrcatA
lstrcmpW
lstrcpyA

user32

CreateDialogParamW
CreateWindowExW
DefWindowProcW
ExitWindowsEx
FindWindowW
GetAsyncKeyState
GetClassInfoExW
GetCursorPos
GetDlgItem
IsDialogMessageW
IsWindowVisible
KillTimer
RegisterClassExW
SendMessageA
SetLayeredWindowAttributes
SetTimer
SetWindowLongA
SetWindowTextW
ShowWindow
wsprintfA

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegSetValueExA

wininet

FtpCreateDirectoryA
FtpPutFileA
FtpSetCurrentDirectoryA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA

wintrust

WinVerifyTrust

shell32

SHGetFolderPathA
ShellExecuteA
StrRChrA

ntdll

RtlAdjustPrivilege

Exports

Exports

AddProcessExclusion
GetChangeRect
GetChangedWindowList
IsTitleBarButtonPressed
RemoveProcessExclusion
SetButtonXOffset
SetSingleWindow
ShowTitleBarButton
StartHooks
StopHooks

Sections

.code
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edat
Size: 512B - Virtual size: 322B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idat
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE

Sharing

General

Malware Config

Signatures

Files

1f35af90a9983ce2e13afeae37e18fa0

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wininet

wintrust

shell32

ntdll

Exports

Exports

Sections

.code Size: 11KB - Virtual size: 11KB

.edat Size: 512B - Virtual size: 322B

.idat Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.code
Size: 11KB - Virtual size: 11KB

.edat
Size: 512B - Virtual size: 322B

.idat
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB